Privacy & Civil Liberties Engineering
Palantir is a mission-focused company. Our team is dedicated to working for the common good and doing what's right, in addition to being deeply passionate about building great software and a successful company.
Palantir was founded on the conviction that it's essential to preserve fundamental principles of privacy and civil liberties while using data. Our earliest work in counter-terrorism required us to ask whether we could meaningfully strengthen national security in the US without weakening constitutional privacy protections. In response, we invested financial and intellectual capital to build technology that is now trusted by the world's most stringent — and skeptical — data protection regimes.
Our culture of open and critical discussion around the implications of our technology ensures that we remain true to that initial conviction, even as the nature of data and the environments where we operate evolve. From their first day, new Palantirians are trained to ask: "Do I want to live in the kind of world that the technology we're building would enable?"
To help our engineers and business leaders answer this question affirmatively, we:
As we build and implement technology to answer questions of increasing significance and complexity, we follow a set of principles that help us ensure we are doing so responsibly.
Privacy and civil liberties engineering is an evolving field, and every organization is subject to unique requirements and concerns. The ways in which these principles are realized will differ among products and organizations. But the end goal should be the same: developing and implementing technology with a full understanding of its potential effects on fundamental rights and incorporating technical capabilities that can support responsible data handling policies.
At Palantir, we build software platforms that help our customers integrate and analyze their own data in ways that are consistent with legal and ethical considerations. As a company, we do not collect data, sell data, or facilitate unauthorized sharing of data among customers or any other parties.
Over the past two decades, we've developed numerous privacy-protective features that are now built into our products by default. These features not only facilitate responsible data processing, but also enable our customers to process sensitive data in accordance with complex laws, such as the EU General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA), to name just two of the more prominent examples. To learn more about the solutions we offer to enable more specific privacy compliance workflows, such as responding to data subject access and deletion requests, please see palantir.com/solutions/data-protection.
Federation allows users to search and analyze data from multiple, independent databases without duplicating and centralizing data in a single place. Our platforms provide intelligent query interfaces that abstract away the complexity of federation so users can access the information they need without requiring that its source be integrated directly into their organization's Palantir instance.
Our platforms provide highly granular access restrictions with subtle and flexible permissioning frameworks, such as role-, temporal-, and purpose-based limitations. This allows for precision data management - even, at times, across multiple, independent databases - that closely aligns access with appropriate proportionality specifications. A user sees only the specific information necessary for a defined task (e.g., investigating a specific crime or determining whether to extend credit to an individual), and only long enough to complete the task. Beyond access controls, our platforms also enable organizations to apply dynamic data minimization procedures such as pseudonymization, obfuscation, and encryption to meet often complex and context-dependent compliance obligations.
Our platforms automatically maintain complete records of data provenance and all transformations applied to data in the system, allowing users and data subjects alike to assess the reliability of the data and where necessary review and correct inaccuracies. Providing users with well-curated, up-to-date data reduces the risks of erroneous conclusions that might lead to anything from mild inconvenience to serious and costly legal ramifications for an individual.
User actions within a system must be recorded to ensure that authorized oversight entities, both internal to an organization and external, can confirm that data is being used appropriately and in conformity with applicable policies and law. Our platforms maintain audit logs and make them accessible to (and readable by) authorized users to enable them to both investigate potential past misuse of systems and flag suspicious activity proactively.
System administrators must be able to implement flexible and auditable retention policies and verify that data flagged for deletion has truly been purged from the system. Our platforms allow organizations to ensure that old or irrelevant information is removed as required by data management best practices, laws, or even regulations that are backed by significant fines for noncompliance.
Every Palantirian plays a role in our commitment to protecting privacy and civil liberties. In addition, we employ an interdisciplinary team of engineers, lawyers, and philosophers who take the lead. The Privacy and Civil Liberties Engineering team shares a broad range of responsibilities, including:
Our government, commercial, and philanthropic customers around the world are at the cutting edge of some of the most challenging privacy and civil liberties questions of our time. When should usage of open source data such as social media information be curtailed in the interests of protecting privacy and freedom of speech? What data should law enforcement information systems generate to enable effective oversight and ensure accountability to governments and to the public? How do you ensure that sensitive medical information is only available to researchers who need to see it and only used for the purposes for which a patient gave consent?
Our Privacy and Civil Liberties team leads us in navigating these questions thoughtfully, with their broadest implications in mind. The following examples describe how we've responded to some of these challenges:
In 2012, we created the Palantir Council of Advisors on Privacy and Civil Liberties (PCAP), a group of independent experts in privacy law, policy, and ethics who help us understand and address the complex issues we encounter in the course of our work. In 2014 we expanded the PCAP to include additional international advisors to help us navigate the European and broader international data privacy landscapes.
The Palantir PCL team meets with the PCAP regularly for discussion and exchange, including on such topics as:
In addition to our regular meetings, the PCL team often consults members of the PCAP on an ad hoc basis to consider issues as they arise.
Malcolm Crompton – Lead Privacy Advisor at Information Integrity Solutions Pty Ltd (IIS), at which he was also a founder and first Managing Director. Malcolm served as Privacy Commissioner of Australia 1999-2004. He is also currently Director of Bellberry Limited, a private not-for-profit company which provides privacy and health ethics advisory services, and a member of the NSW Data Analytics Centre Advisory Board.
Bryan Cunningham – Bryan is Executive Director of the University of California, Irvine Cybersecurity Policy & Research Institute and has practiced privacy, cybersecurity, and data protection law for nearly two decades. Bryan is a long-time senior counsel to Palantir and serves as the Executive Director of the PCAP.
Alex Deane – Senior Managing Director at FTI Consulting. Alex was a founder of Big Brother Watch, a prominent U.K. privacy and civil liberties advocacy organization. Alex previously served as Chief of Staff to David Cameron and Tim Collins during their respective terms as Shadow Secretaries of State for Education.
Robert Gellman – A privacy and information consultant who worked for nearly two decades on privacy issues in the U.S. Congress.
Chris Hoofnagle – Chris holds dual appointments as adjunct professor in the University of California Berkeley School of Law and the School of Information (where he is resident).
Jeh C. Johnson – Practicing attorney with Paul, Weiss, Rifkind, Wharton & Garrison, LLP. Johnson formerly served as Secretary of Homeland Security (2013-2017), General Counsel of the Department of Defense (2009-2012), General Counsel of the Air Force (1998-2001), and as an Assistant U.S. Attorney in the Southern District of New York (1989-1991).
Sébastien-Yves Laurent – Professor of Political Science at the University of Bordeaux where he also serves as Vice President. Sébastien-Yves’ research interests deal with the social uses of IT and international security issues.
Nancy Libin – Co-Chair of the Privacy, Security & Technology practice at Davis Wright Tremaine, former Chief Privacy and Civil Liberties Officer of the U.S. Department of Justice, and former Counsel to then-Senator Joseph Biden on the Senate Judiciary Committee and at the Center for Democracy and Technology.
Sylvain Métille – Partner at the Swiss law firm HDC where he specializes in data protection, surveillance, and IT law. Sylvain also lectures on computer crime at the University of Lausanne.
Stephanie Pell – A private consultant specializing in privacy and civil liberties issues who formerly served in the Department of Justice as an Assistant US Attorney and later as Senior Counsel to the Deputy Attorney General.
Stephanie Perrin – Privacy consultant and researcher with Digital Discretion, Inc. Stephanie’s work spans government, private sector, and non-profit clients, both domestic and international. During her 30 years in the Canadian federal government, one of her accomplishments was developing Canada’s private sector privacy legislation (PIPEDA) for Industry Canada.
Alexander Pretschner – Software Engineering Chair in the Department of Informatics at Technische Universität München, where his research focuses on testing and distributed data usage control.
Priscilla Regan – Professor in the Schar School of Policy and Government at George Mason University where she focuses on the analysis of the use of new information and communications technologies. Pris is the author of Legislating Privacy: Technology, Social Values, and Public Policy among many other scholarly works.
Lothar Schröder – Former member of the executive board of the German United Services Union Verdi, head of the Innovation Committee on the Supervisory Board of Deutsche Telekom AG, and advisor to the German Bundestag's Commission on the subject of artificial intelligence. Lothar is active in numerous research and innovation projects on the subjects of artificial intelligence, privacy, and the future of work.
Tim Sparapani – Former Senior Privacy and Immigration Rights Counsel at the American Civil Liberties Union and the first Director of Public Policy at Facebook. Tim now runs his own privacy consultancy firm, SPQR Strategies.
Daniel Weitzner – Founding Director, MIT Internet Policy Research Initiative, former White House Deputy Chief Technology Officer for Internet Policy and Co-founder of the Center for Democracy and Technology.
The PCAP is advisory only, and members are compensated for their time. The PCAP is neither asked nor expected to agree with and/or endorse decisions made by Palantir.
Discussions with PCAP members are confidential.